An arithmetical proof of the strong normalization
for the λ-calculus
with recursive equations on types

René David & Karim Nour
Université de Savoie



Abstract. We give an arithmetical proof of the strong normalization of the
λ-calculus (and also of the λμ-calculus) where the type system is the one of
simple types with recursive equations on types.

The proof using candidates of reducibility is an easy extension of the one 
without equations but this proof cannot be formalized in Peano arithmetic. 
The strength of the system needed for such a proof was not known. Our 
proof shows that it is not more than Peano arithmetic. 



1 Introduction 

The λ-calculus is a powerful model for representing functions. In its un-typed version, every recursive function can be represented. But, in this model, a term can be applied to itself and a computation may not terminate. To avoid this problem, types are used. In the simplest case, they are built from atomic types with the arrow and the typing rules say that a function of type $U \to V$ may only be applied to an argument of type $U$. This discipline ensures that every typed term is strongly normalizing, i.e. a computation always terminates.

In this system (the simply typed λ-calculus), Church numerals, i.e. the terms of
the form $\lambda f \lambda x\, (f\ (f \dots (f\ x)))$, are codes for the integers. They are the only terms
(in normal form) of type $(o \to o) \to (o \to o)$. Thus, functions on the integers can be
represented but Schwichtenberg [38] has shown that very few functions are so. He 
showed that the extended polynomials (i.e. polynomials with positive coefficients 
together with a conditional operator) are the only functions that can be represented 
there. Other type systems were then designed to allow the representation of more 
functions. They are built in different ways. 

The first one consists in extending the set of terms. For example, in Gödel
system T, the terms use the usual constructions of the λ-calculus, the constant 0,
the constructor S and an operator for recursion. The types are built from the atomic 
type N with the arrow. This system represents exactly the functions whose totality 
can be shown in Peano first order arithmetic. 

The second one consists in keeping the same terms but extending the type 
system. This is, for example, the case of Girard system F where the types can 
use a second order universal quantifier. There, the type of the integers is given by 
$\forall X\, ((X \to X) \to (X \to X))$. This system represents exactly the functions whose
totality can be shown in Peano second order arithmetic. 

A third way consists in extending the logic. In the Curry-Howard correspondence, 
the previous systems correspond to intuitionistic logic. Other systems correspond 
to classical logic. There, again, new constructors for terms are introduced. This is, 
for example, the case of Parigot's λμ-calculus [35].

Since the introduction of Girard system F for intuitionistic logic and Parigot's
λμ-calculus for classical logic, many other, more and more powerful, type systems
were introduced. For example, the calculus of constructions (Coquand & Huet [7])
and, more generally, the Pure Type Systems.

It is also worth mentioning here the system TTR of Parigot [33] where some types
are defined as the least fixed point of an operator. This system was introduced, not
to represent more functions, but to represent more algorithms. For example, to be 
able to represent the integers in such a way that the predecessor can be computed 
in constant time, which is not the case for the previous systems. 

These systems all satisfy the subject reduction (i.e. the fact that the type is pre- 
served by reduction), the strong normalization (i.e. every computation terminates) 
and, for the systems based on simple types, the decidability of type assignment. 

We study here other kinds of extension of the simply typed λ-calculus, i.e. systems where equations on types are allowed. These types are usually called recursive types. For more details see, for example, [3]. They are present in many languages and are intended to be able to be unfolded recursively to match other types. The subject reduction and the decidability of type assignment are preserved but the strong normalization may be lost. For example, with the equation $X = X \to T$, the term $(\delta\ \delta)$ where $\delta = \lambda x\, (x\ x)$ is typable but is not strongly normalizing. With the equation $X = X \to X$, every term can be typed.

By making some natural assumptions on the recursive equations the strong nor- 
malization can be preserved. The simplest condition is to accept the equation X = F 
(where F is a type containing the variable X) only when the variable X is positive 
in F. For a set $\{X_i = F_i \;/\; i \in I\}$ of mutually recursive equations, Mendler [29] has
given a very simple and natural condition that ensures the strong normalization 
of the system. He also showed that the given condition is necessary to have the 
strong normalization. His proof is based on the reducibility method. The condition 
ensures enough monotonicity to have fixed point on the candidates. But this proof 
(using candidates of reducibility) cannot be formalized in Peano arithmetic and 
the strength of the system needed for a proof of the strong normalization of such 
systems was not known. 

In this paper, we give an arithmetical proof of the strong normalization of the simply typed λ-calculus (and also of the λμ-calculus) with recursive equations on types satisfying Mendler's condition.

This proof is an extension of the one given by the first author for the simply typed λ-calculus. It can be found either in [8] (where it appears among many other things) or as a simple unpublished note on the web page of the first author [9]. Apparently, proof methods similar to that used here were independently invented by several authors (Levy, van Daalen, Valentini and others). The proof for the λμ-calculus is an extension of the ones given in [11] or [12].

The paper is organized as follows. In section 2 we define the simply typed λ-calculus with recursive equations on types. To help the reader and show the main ideas, we first give, in section 3, the proof of strong normalization for the λ-calculus. We generalize this proof to the λμ-calculus in section 4. In section 5, we give two examples of applications of systems with recursive types. We conclude in section 6 with some open questions.

2 The typed λ-calculus

Definition 1. Let $\mathcal{V}$ be an infinite set of variables.

1. The set $\mathcal{M}$ of λ-terms is defined by the following grammar

$$\mathcal{M} ::= \mathcal{V} \mid \lambda \mathcal{V}\, \mathcal{M} \mid (\mathcal{M}\ \mathcal{M})$$

2. The relation $\triangleright$ on $\mathcal{M}$ is defined as the least relation (compatible with the context) containing the rule $(\lambda x\, M\ N) \triangleright M[x := N]$. As usual, $\triangleright^*$ (resp. denotes the reflexive and transitive (resp. transitive) closure of $\triangleright$.

Definition 2. Let $\mathcal{A}$ be a set of atomic constants and $\mathcal{X} = \{X_i \;/\; i \in I\}$ be a set of type variables.

1. The set $\mathcal{T}$ of types is defined by the following grammar

$$\mathcal{T} ::= \mathcal{A} \mid \mathcal{X} \mid \mathcal{T} \to \mathcal{T}$$

2. When $E = \{F_i \;/\; i \in I\}$ is a set of types, the congruence $\approx$ generated by $E$ is the least congruence on $\mathcal{T}$ such that $X_i \approx F_i$ for each $i \in I$.

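Definition 3. Let $\approx$ be a congruence on $\mathcal{T}$. The typing rules of the typed system are given below where $\Gamma$ is a context, i.e. a set of declarations of the form $x : U$ where $x \in \mathcal{V}$ and $U \in \mathcal{T}$.

$$\frac{}{\Gamma, x : U \vdash x : U}\ ax \qquad\qquad \frac{\Gamma \vdash M : U \quad U \approx V}{\Gamma \vdash M : V}$$

$$\frac{\Gamma, x : U \vdash M : V}{\Gamma \vdash \lambda x\, M : U \to V} \qquad\qquad \frac{\Gamma \vdash M_1 : U \to V \quad \Gamma \vdash M_2 : U}{\Gamma \vdash (M_1\ M_2) : V}$$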

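Lemma 1. Let $\approx$ be a congruence generated by a set of types.

1. If $U \approx V_1 \to V_2$, then $U \in \mathcal{X}$ or $U = U_1 \to U_2$.

2. If $U_1 \to V_1 \approx U_2 \to V_2$, then $U_1 \approx U_2$ and $V_1 \approx V_2$.

3. If $\Gamma \vdash x : T$, then $x : U$ occurs in $\Gamma$ for some $U \approx T$.

4. If $\Gamma \vdash \lambda x\, M : T$, then $\Gamma, x : U \vdash M : V$ for some $U, V$ such that $U \to V \approx T$.

5. If $\Gamma \vdash (M\ N) : T$, then $\Gamma \vdash M : U \to V$, $\Gamma \vdash N : U$ for some $V \approx T$ and $U$.

6. If $\Gamma, x : U \vdash M : T$ and $U \approx V$, then $\Gamma, x : V \vdash M : T$.

7. If $\Gamma, x : U \vdash M : T$ and $\Gamma \vdash N : U$, then $\Gamma \vdash M[x := N] : T$.

Proof Easy. □

Theorem 1. If $\Gamma \vdash M : T$ and $M \triangleright^* M'$, then $\Gamma \vdash M' : T$.

Proof It is enough to show that if $\Gamma \vdash (\lambda x\, M\ N) : T$, then $\Gamma \vdash M[x := N] : T$. Assume $\Gamma \vdash (\lambda x\, M\ N) : T$. By lemma 1, $\Gamma \vdash \lambda x\, M : U \to V$, $\Gamma \vdash N : U$ and $V \approx T$. Thus, $\Gamma, x : U' \vdash M : V'$ and $U' \to V' \approx U \to V$. By lemma 1, we have $U' \approx U$ and $V' \approx V$. Thus, $\Gamma, x : U \vdash M : V$. Since $\Gamma \vdash N : U$ and $V \approx T$, the result follows immediately. □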

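Definition 4. Let $X \in \mathcal{X}$. We define the subsets $\mathcal{T}^+(X)$ and $\mathcal{T}^-(X)$ of $\mathcal{T}$ as follows.

- $X \in \mathcal{T}^+(X)$

- If $U \in (\mathcal{X} - \{X\}) \cup \mathcal{A}$, then $U \in \mathcal{T}^+(X) \cap \mathcal{T}^-(X)$.

- If $U \in \mathcal{T}^-(X)$ and $V \in \mathcal{T}^+(X)$, then $U \to V \in \mathcal{T}^+(X)$ and $V \to U \in \mathcal{T}^-(X)$.

Definition 5. We say that a congruence $\approx$ is good if the following property holds: for each $X \in \mathcal{X}$, if $X \approx T$, then $T \in \mathcal{T}^+(X)$.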
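
Definition 4 can be read as a pair of mutually recursive membership tests. The following Python sketch is an added example, not code from the paper: it parses types written with `->` and applies the single-equation condition mentioned in the introduction (accept $X = F$ only when $X$ is positive in $F$) to equations quoted in this paper. The string syntax and all function names are assumptions made for the example.

```python
import re

def parse(src):
    """Parse a type such as '(X -> T) -> T'. '->' associates to the right.
    Atoms and type variables are strings; an arrow U -> V is the pair (U, V)."""
    toks = re.findall(r"->|[()]|\w+", src)
    pos = 0

    def atom():
        nonlocal pos
        if pos >= len(toks):
            raise ValueError("unexpected end of type")
        tok = toks[pos]
        pos += 1
        if tok == "(":
            inner = arrow()
            if pos >= len(toks) or toks[pos] != ")":
                raise ValueError("missing ')'")
            pos += 1
            return inner
        if tok in (")", "->"):
            raise ValueError("unexpected token " + tok)
        return tok

    def arrow():
        nonlocal pos
        left = atom()
        if pos < len(toks) and toks[pos] == "->":
            pos += 1
            return (left, arrow())
        return left

    result = arrow()
    if pos != len(toks):
        raise ValueError("trailing input")
    return result

def in_plus(t, x):
    """t in T+(x): x itself, any other variable or atom,
    or U -> V with U in T-(x) and V in T+(x)."""
    if isinstance(t, str):
        return True
    return in_minus(t[0], x) and in_plus(t[1], x)

def in_minus(t, x):
    """t in T-(x): any variable or atom other than x,
    or V -> U with V in T+(x) and U in T-(x)."""
    if isinstance(t, str):
        return t != x
    return in_plus(t[0], x) and in_minus(t[1], x)

def accepts(x, rhs):
    """Single-equation condition: accept x = rhs only if rhs is in T+(x)."""
    return in_plus(parse(rhs), x)

# Right-hand sides taken from equations quoted in the paper (variable, type).
EQUATIONS = [
    ("X", "X -> T"),                       # types (delta delta): rejected
    ("X", "X -> X"),                       # types every term: rejected
    ("X", "(X -> T) -> T"),                # section 5.1: accepted
    ("X", "T -> X"),                       # section 5.1: accepted
    ("X1", "(X1 -> X2 -> Y) -> Y"),        # first equation of example 1
]

def report():
    return {(x, rhs): accepts(x, rhs) for x, rhs in EQUATIONS}

if __name__ == "__main__":
    for (x, rhs), ok in report().items():
        print(f"{x} = {rhs}: {'accepted' if ok else 'rejected'}")
```

For a set of mutually recursive equations, Definition 5 quantifies over every $T$ with $X \approx T$, so this test on one right-hand side is only the first thing to check.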

Examples 

In each of the following cases, the congruence generated by the given equations is good.

1. $X_1 \approx (X_1 \to X_2 \to Y) \to Y$ and $X_2 \approx (X_2 \to X_1 \to Y) \to Y$.

2. $X_1 \approx X_2 \to X_1$ and $X_2 \approx X_1 \to X_2$.

3. The same equations as in case 2 and $X_3 \approx F(X_1, X_2) \to X_3$ where $F$ is any type using only the variables $X_1, X_2$.

4. The same equations as in case 3 and $X_4 \approx X_5 \to G(X_1, X_2, X_3) \to X_4$, $X_5 \approx X_4 \to H(X_1, X_2, X_3) \to X_5$ where $G, H$ are any types using only the variables $X_1, X_2, X_3$.

In the rest of the paper, we fix a finite set $E = \{F_i \;/\; i \in I\}$ of types and we denote by $\approx$ the congruence generated by $E$. We assume that $\approx$ is good.

Notations and remarks 

— We have assumed that the set of equations that we consider is finite. This is 
to ensure that the order on I given by definition 6 below is well founded. It 
should be clear that this is not a real constraint. Since to type a term, only a 
finite number of equations is used, we may consider that the other variables are 
constant and thus the general result follows immediately from the finite case. 

— If $M$ is a term, $cxty(M)$ will denote the structural complexity of $M$.

— We denote by $SN$ the set of strongly normalizing terms. If $M \in SN$, we denote by $\eta(M)$ the length of the longest reduction of $M$ and by $\eta c(M)$ the pair $\langle \eta(M), cxty(M) \rangle$.

— We denote by $M \preceq N$ the fact that $M$ is a sub-term of a reduct of $N$.

— As usual, some parentheses are omitted and, for example, we write $(M\ P\ Q)$ instead of $((M\ P)\ Q)$. More generally, if $\vec{O}$ is a finite sequence $O_1, \dots, O_n$ of terms, we denote by $(M\ \vec{O})$ the term $((\dots(M\ O_1) \dots O_{n-1})\ O_n)$ and by $\vec{O} \in SN$ the fact that $O_1, \dots, O_n \in SN$.

— If $\sigma$ is the substitution $[x_1 := N_1, \dots, x_n := N_n]$, we denote by $dom(\sigma)$ the set $\{x_1, \dots, x_n\}$, by $Im(\sigma)$ the set $\{N_1, \dots, N_n\}$ and by $\sigma \in SN$ the fact that $Im(\sigma) \subset SN$.

— If $\sigma$ is a substitution, $z \notin dom(\sigma)$ and $M$ is a term, we denote by $[\sigma + z := M]$ the substitution $\sigma'$ defined by $\sigma'(x) = \sigma(x)$ for $x \in dom(\sigma)$ and $\sigma'(z) = M$.

— In a proof by induction, IH will denote the induction hypothesis. When the 
induction is done on a tuple of integers, the order always is the lexicographic 
order. 

3 Proof of the strong normalization 

3.1 The idea of the proof 

We give the idea for one equation $X \approx F$. The extension for the general case is given at the beginning of section 3.4.

It is enough to show that, if $M, N$ are in $SN$, then $M[x := N] \in SN$. Assuming it is not the case, the interesting case is $M = (x\ P)$ with $(N\ P_1) \notin SN$ where $P_1 = P[x := N] \in SN$. This implies that $N \triangleright^* \lambda y\, N_1$ and $N_1[y := P_1] \notin SN$. If we know that the type of $N$ is an arrow type, we get a similar situation to the one we started with, but where the type of the substituted variable has decreased. Repeating the same argument, we get the desired result, at least for $N$ whose type does not contain $X$. If it is not the case, since, by repeating the same argument, we cannot come to a constant type (because such a term cannot be applied to something), we come to $X$. Thus, it remains to show that, if $M, N$ are in $SN$ and the type of $x$ is $X$, then $M[x := N] \in SN$.

To prove this, we prove something a bit more general. We prove that, if $M, \sigma \in SN$ where $\sigma$ is a substitution such that the types of its image are in $\mathcal{T}^+(X)$, then $M[\sigma] \in SN$. The proof is done by induction on $\eta c(M)$ as follows. As before, the interesting case is $M = (x\ P)$, $\sigma(x) = N \triangleright^* \lambda y\, N_1$, $P_1 = P[\sigma] \in SN$ and $N_1[y := P_1] \notin SN$. Thus, there is a sub-term of a reduct of $N_1$ of the form $(y\ N_2)$ such that $(P_1\ N_2[y := P_1]) \notin SN$ but $N_2[y := P_1] \in SN$. Thus $P_1$ must reduce to a $\lambda$.

This $\lambda$ cannot come from some $x' \in dom(\sigma)$, i.e. $P \triangleright^* (x'\ \vec{Q})$. Otherwise, the type of $P$ would be both positive (since $P \triangleright^* (x'\ \vec{Q})$ and the type of $x'$ is positive) and negative (since, in $M$, $P$ is an argument of $x$ whose type also is positive). Thus the type of $P_1$ (the same as the one of $P$) does not contain $X$. But since $N_1, P_1$ are in $SN$, we already know that $N_1[y := P_1]$ must be in $SN$. A contradiction. Thus, $P \triangleright^* \lambda x_1\, M_1$ and we get a contradiction from the induction hypothesis since we have $M_1[\sigma'] \notin SN$ for $M_1$ strictly less than $M$. The case when $y$ has more than one argument is intuitively treated by "repeat the same argument" or, more formally, by lemma 8 below.

As a final remark, note that many lemmas are stated in a negative style and thus may seem to hold only classically. This has been done in this way because we believe that this presentation is closer to the intuition. However, it is not difficult to check that the whole proof can be presented and done in a constructive way.

3.2 Some useful lemmas on the un-typed calculus 

Lemma 2. Assume $M, N, \vec{O} \in SN$ and $(M\ N\ \vec{O}) \notin SN$. Then, for some term $M'$, $M \triangleright^* \lambda x\, M'$ and $(M'[x := N]\ \vec{O}) \notin SN$.

Proof Since $M, N, \vec{O} \in SN$, an infinite reduction of $P = (M\ N\ \vec{O})$ looks like $P \triangleright^* (\lambda x\, M'\ N'\ \vec{O'}) \triangleright (M'[x := N']\ \vec{O'}) \triangleright \dots$ and the result immediately follows from the fact that $(M'[x := N]\ \vec{O}) \triangleright^* (M'[x := N']\ \vec{O'})$. □

Lemma 3. Let $M$ be a term and $\sigma$ be a substitution. Assume $M, \sigma \in SN$ and $M[\sigma] \notin SN$. Then $(\sigma(x)\ \vec{P}[\sigma]) \notin SN$ for some $(x\ \vec{P}) \preceq M$ such that $\vec{P}[\sigma] \in SN$.

Proof A sub-term $M'$ of a reduct of $M$ such that $\eta c(M')$ is minimum and $M'[\sigma] \notin SN$ has the desired form. □

Lemma 4. Let $M$ be a term and $\sigma$ be a substitution such that $M[\sigma] \triangleright^* \lambda z\, M_1$. Then

- either $M \triangleright^* \lambda z\, M_2$ and $M_2[\sigma] \triangleright^* M_1$

- or $M \triangleright^* (x\ \vec{N})$ for some $x \in dom(\sigma)$ and $(\sigma(x)\ \vec{N}[\sigma]) \triangleright^* \lambda z\, M_1$.

Proof This is a classical (though not completely trivial) result in λ-calculus. Note that, in case $M \in SN$ (and we will only use the lemma in this case), it becomes easier. The proof can be done by induction on $\eta c(M)$ by considering the possibility for $M$: either $\lambda y\, M_1$ or $(\lambda y\, M_1\ P\ \vec{Q})$ or $(x\ \vec{N})$ (for $x$ in $dom(\sigma)$ or not). □

3.3 Some useful lemmas on the congruence

Definition 6. We define on $I$ the following relations

— $i \le j$ iff $X_i \in var(T)$ for some $T$ such that $X_j \approx T$.

— $i \sim j$ iff $i \le j$ and $j \le i$.

— $i < j$ iff $i \le j$ and $j \not\sim i$.

It is clear that $\sim$ is an equivalence on $I$.

Definition 7. 1. Let $\mathcal{X}_i = \{X_j \;/\; j \le i\}$ and $\mathcal{X}'_i = \{X_j \;/\; j < i\}$.

2. For $\mathcal{Y} \subseteq \mathcal{X}$, let $\mathcal{T}(\mathcal{Y}) = \{T \in \mathcal{T} \;/\; var(T) \subseteq \mathcal{Y}\}$ where $var(T)$ is the set of type variables occurring in $T$.

3. For $i \in I$, we will abbreviate by $\mathcal{T}_i$ the set $\mathcal{T}(\mathcal{X}_i)$ and by $\mathcal{T}'_i$ the set $\mathcal{T}(\mathcal{X}'_i)$.

4. If $\varepsilon \in \{+, -\}$, $\overline{\varepsilon}$ will denote the opposite of $\varepsilon$. The opposite of $+$ is $-$ and conversely.

Lemma 5. Let $i \in I$. The class of $i$ can be partitioned into two disjoint sets $i^+$ and $i^-$ satisfying the following properties.

1. If $\varepsilon \in \{+, -\}$, $j \in i^{\varepsilon}$ and $X_j \approx T$, then for each $k \in i^{\varepsilon}$, $T \in \mathcal{T}^+(X_k)$ and for each $k \in i^{\overline{\varepsilon}}$, $T \in \mathcal{T}^-(X_k)$.

2. Let $j \sim i$. Then, if $j \in i^+$, $j^+ = i^+$ and $j^- = i^-$ and if $j \in i^-$, $j^+ = i^-$ and $j^- = i^+$.

Proof This follows immediately from the following observation. Let $i \sim j$ and $X_i \approx T \approx U$. Choose an occurrence of $X_j$ in $T$ and in $U$. Then, these occurrences have the same polarity. This is because, otherwise, since $i \le j$, there is a $V$ such that $X_j \approx V$ and $X_i$ occurs in $V$. But then, replacing the mentioned occurrences of $X_j$ by $V$ in $T$ and $U$ will contradict the fact that $\approx$ is good. □

Definition 8. Let $i \in I$ and $\varepsilon \in \{+, -\}$. We denote $\mathcal{T}_i^{\varepsilon} = \{T \in \mathcal{T}_i \;/\;$ for each $j \in i^+$, $T \in \mathcal{T}^{\varepsilon}(X_j)$ and for each $j \in i^-$, $T \in \mathcal{T}^{\overline{\varepsilon}}(X_j)\}$.

Lemma 6. Let $i \in I$ and $\varepsilon \in \{+, -\}$.

1. $\mathcal{T}_i^+ \cap \mathcal{T}_i^- \subseteq \mathcal{T}'_i$.

2. If $U \in \mathcal{T}_i^{\varepsilon}$ and $U \approx V$, then $V \in \mathcal{T}_i^{\varepsilon}$.

3. If $U \in \mathcal{T}_i^{\varepsilon}$ and $U \approx U_1 \to U_2$, then $U_1 \in \mathcal{T}_i^{\overline{\varepsilon}}$ and $U_2 \in \mathcal{T}_i^{\varepsilon}$.

Proof Immediate. □

Notations, remarks and examples

— If the equations are those of the case 4 of the examples given above, we have $1 \sim 2 < 3 < 4 \sim 5$ and, for example, $1^+ = \{1\}$ and $1^- = \{2\}$, $3^+ = \{3\}$, $3^- = \emptyset$, $4^+ = \{4\}$ and $4^- = \{5\}$.

— If $T$ is a type, we denote by $lg(T)$ the size of $T$. Note that the size of a type is, of course, not preserved by the congruence. The size of a type will only be used in lemma 7 and the only property that we will use is that $lg(U_1)$ and $lg(U_2)$ are less than $lg(U_1 \to U_2)$.

— By the typing rules, the type of a term can be freely replaced by an equivalent one. However, for $i \in I$ and $\varepsilon \in \{+, -\}$, the fact that $U \in \mathcal{T}_i^{\varepsilon}$ does not change when $U$ is replaced by $V$ for some $V \approx U$. This will be used extensively in the proofs of the next sections.

3.4 Proof of the strong normalization 

To give the idea of the proof, we first need a definition. 

Definition 9. Let $\mathcal{E}$ be a set of types. Denote by $H[\mathcal{E}]$ the following property:

Let $M, N \in SN$. Assume $\Gamma, x : U \vdash M : V$ and $\Gamma \vdash N : U$ for some $\Gamma, U, V$ such that $U \in \mathcal{E}$. Then $M[x := N] \in SN$.

To get the result, it is enough to show $H[\mathcal{T}]$. The proof that any typed term is in $SN$ is then done by induction on $cxty(M)$. The only non trivial case is $M = (M_1\ M_2)$. But $M = (x\ M_2)[x := M_1]$ and the result follows from $H[\mathcal{T}]$ and the IH.

We first show the following (see lemma 7). Let $\mathcal{Y} \subseteq \mathcal{X}$. To prove $H[\mathcal{T}(\mathcal{Y})]$, it is enough to prove $H[\{X\}]$ for each $X \in \mathcal{Y}$.

It is thus enough to prove $H[\{X_i\}]$ for each $i \in I$. This is done by induction on $i$. Assume $H[\{X_j\}]$ for each $j < i$. Thus, by the previous property, we know $H[\mathcal{T}'_i]$. We show $H[\{X_i\}]$ essentially as we said in section 3.1. The only difference is that, what was called there "$X$ is both positive and negative in $T$" here means $T$ is both in $\mathcal{T}_i^+$ and $\mathcal{T}_i^-$. There we deduced that $X$ does not occur in $T$. Here we deduce $T \in \mathcal{T}'_i$ and we are done since we know the result for this set.

Lemma 7. Let $\mathcal{Y} \subseteq \mathcal{X}$ be such that $H[\{X\}]$ holds for each $X \in \mathcal{Y}$. Then $H[\mathcal{T}(\mathcal{Y})]$ holds.

Proof Let $M, N$ be terms in $SN$. Assume $\Gamma, x : U \vdash M : V$ and $\Gamma \vdash N : U$ and $U \in \mathcal{T}(\mathcal{Y})$. We have to show $M[x := N] \in SN$.

This is done by induction on $lg(U)$. Assume $M[x := N] \notin SN$. By lemma 3, let $(x\ P\ \vec{Q}) \preceq M$ be such that $P_1, \vec{Q_1} \in SN$ and $(N\ P_1\ \vec{Q_1}) \notin SN$ where $P_1 = P[x := N]$ and $\vec{Q_1} = \vec{Q}[x := N]$. By lemma 2, $N \triangleright^* \lambda x_1\, N_1$ and $(N_1[x_1 := P_1]\ \vec{Q_1}) \notin SN$.

If $U$ is a variable (which is in $\mathcal{Y}$ since $U \in \mathcal{T}(\mathcal{Y})$), we get a contradiction since we have assumed that $H[\{X\}]$ holds for each $X \in \mathcal{Y}$.

The type $U$ cannot be a constant since, otherwise $x$ could not be applied to some arguments.

Thus $U = U_1 \to U_2$. In the typing of $(N\ P_1\ \vec{Q_1})$, the congruence may have been used and thus, by lemma 1, there are $W_1 \approx U_1$, $W_2 \approx U_2$, $U \approx W_1 \to W_2$ and $\Gamma, x_1 : W_1 \vdash N_1 : W_2$ and $\Gamma \vdash P_1 : W_1$. But then, we also have $\Gamma, x_1 : U_1 \vdash N_1 : U_2$ and $\Gamma \vdash P_1 : U_1$. Now, by the IH, we have $N_1[x_1 := P_1] \in SN$ since $lg(U_1) < lg(U)$. Since $\Gamma, z : U_2 \vdash (z\ \vec{Q_1}) : V$ for some $V$ and $\Gamma \vdash N_1[x_1 := P_1] : U_2$, by the IH since $lg(U_2) < lg(U)$, we have $(N_1[x_1 := P_1]\ \vec{Q_1}) = (z\ \vec{Q_1})[z := N_1[x_1 := P_1]] \in SN$. Contradiction. □

From now on, we fix some $i$ and we assume $H[\{X_j\}]$ for each $j < i$. Thus, by lemma 7, we know that $H[\mathcal{T}'_i]$ holds. It remains to prove $H[\{X_i\}]$ i.e. proposition 1.

Definition 10. Let $M$ be a term, $\sigma$ be a substitution, $\Gamma$ be a context and $U$ be a type. Say that $(\sigma, \Gamma, M, U)$ is adequate if the following holds.

- $\Gamma \vdash M[\sigma] : U$ and $M, \sigma \in SN$.

- For each $x \in dom(\sigma)$, $\Gamma \vdash \sigma(x) : V_x$ and $V_x \in \mathcal{T}_i^+$.

Lemma 8. Let $n, m$ be integers, $\vec{S}$ be a sequence of terms and $(\delta, \Delta, P, B)$ be adequate. Assume that

1. $B \in \mathcal{T}_i^- - \mathcal{T}'_i$ and $\Delta \vdash (P[\delta]\ \vec{S}) : W$ for some $W$.

2. $\vec{S} \in SN$, $P \in SN$ and $\eta c(P) < (n, m)$.

3. $M[\sigma] \in SN$ for every adequate $(\sigma, \Gamma, M, U)$ such that $\eta c(M) < (n, m)$.

Then $(P[\delta]\ \vec{S}) \in SN$.

Proof By induction on the length of $\vec{S}$. If $\vec{S}$ is empty, the result follows from (3) since $\eta c(P) < (n, m)$. Otherwise, let $\vec{S} = S_1 \vec{S_2}$ and assume that $P[\delta] \triangleright^* \lambda z\, R$. By lemma 4, there are two cases to consider:

- $P \triangleright^* \lambda z\, R'$. We have to show that $Q = (R'[\delta + z := S_1]\ \vec{S_2}) \in SN$. Since $B \in \mathcal{T}_i^-$, by lemmas 1 and 6, there are types $B_1, B_2$ such that $B \approx B_1 \to B_2$ and $\Delta, z : B_1 \vdash R' : B_2$ and $\Delta \vdash S_1 : B_1$ and $B_1 \in \mathcal{T}_i^+$ and $B_2 \in \mathcal{T}_i^-$. Since $\eta c(R') < (n, m)$ and $([\delta + z := S_1], \Delta \cup \{z : B_1\}, R', B_2)$ is adequate, it follows from (3) that $R'[\delta + z := S_1] \in SN$.

  - Assume first $B_2 \in \mathcal{T}'_i$. Since $(z'\ \vec{S_2}) \in SN$ and $Q = (z'\ \vec{S_2})[z' := R'[\delta + z := S_1]]$, the result follows from $H[\mathcal{T}'_i]$.

  - Otherwise, the result follows from the IH since $([\delta + z := S_1], \Delta \cup \{z : B_1\}, R', B_2)$ is adequate and the length of $\vec{S_2}$ is less than the one of $\vec{S}$.

- If $P \triangleright^* (y\ \vec{N})$ for some $y \in dom(\delta)$. Then $\Delta \vdash (y\ \vec{N})[\delta] : B$. By the definition of adequacy, the type of $y$ is in $\mathcal{T}_i^+$ and $B \in \mathcal{T}_i^+ \cap \mathcal{T}_i^- \subseteq \mathcal{T}'_i$. Contradiction. □

Lemma 9. Assume $(\sigma, \Gamma, M, A)$ is adequate. Then $M[\sigma] \in SN$.

Proof By induction on $\eta c(M)$. The only non trivial case is $M = (x\ Q\ \vec{O})$ for some $x \in dom(\sigma)$. Let $N = \sigma(x)$.

By the IH, $Q[\sigma], \vec{O}[\sigma] \in SN$. By lemma 1, we have $V_x \approx W_1 \to W_2$, $\Gamma \vdash Q[\sigma] : W_1$ and $\Gamma \vdash (N\ Q[\sigma]) : W_2$. Moreover, by lemma 6, $W_1 \in \mathcal{T}_i^-$ and $W_2 \in \mathcal{T}_i^+$. Since $M[\sigma] = (z\ \vec{O})[\sigma + z := (N\ Q[\sigma])]$, $\eta((z\ \vec{O})) \le \eta(M)$, $cxty((z\ \vec{O})) < cxty(M)$ and $W_2 \in \mathcal{T}_i^+$, it is enough, by the IH, to show that $(N\ Q[\sigma]) \in SN$. Assume that $N \triangleright^* \lambda y\, N'$. We have to show that $N'[y := Q[\sigma]] \in SN$.

- Assume first $W_1 \in \mathcal{T}'_i$. The result follows from $H[\mathcal{T}'_i]$.

- Otherwise, assume $N'[y := Q[\sigma]] \notin SN$. Since $N', Q[\sigma] \in SN$, by lemma 3, $(y\ \vec{L}) \preceq N'$ for some $\vec{L}$ such that $\vec{L}[y := Q[\sigma]] \in SN$ and $(Q[\sigma]\ \vec{L}[y := Q[\sigma]]) \notin SN$. But this contradicts lemma 8. Note that, by the IH, condition (3) of this lemma is satisfied. □

Proposition 1. Assume $\Gamma, x : X_i \vdash M : U$ and $\Gamma \vdash N : X_i$ and $M, N \in SN$. Then $M[x := N] \in SN$.

Proof This follows from lemma 9 since $([x := N], \Gamma, M, U)$ is adequate. □



4 The typed λμ-calculus

Definition 11. 1. Let $\mathcal{W}$ be an infinite set of variables such that $\mathcal{V} \cap \mathcal{W} = \emptyset$. An element of $\mathcal{V}$ (resp. $\mathcal{W}$) is said to be a λ-variable (resp. a μ-variable). We extend the set of terms by the following rules

$$\mathcal{M} ::= \dots \mid \mu \mathcal{W}\, \mathcal{M} \mid (\mathcal{W}\ \mathcal{M})$$

2. We add to the set $\mathcal{A}$ the constant symbol $\bot$ and we denote by $\neg U$ the type $U \to \bot$.

3. We extend the typing rules by

$$\frac{\Gamma, \alpha : \neg U \vdash M : \bot}{\Gamma \vdash \mu\alpha\, M : U} \qquad\qquad \frac{\Gamma, \alpha : \neg U \vdash M : U}{\Gamma, \alpha : \neg U \vdash (\alpha\ M) : \bot}$$

where $\Gamma$ is now a set of declarations of the form $x : U$ and $\alpha : \neg V$ where $x$ is a λ-variable and $\alpha$ is a μ-variable.

4. We add to $\triangleright$ the following reduction rule $(\mu\alpha\, M\ N) \triangleright \mu\alpha\, M[\alpha = N]$ where $M[\alpha = N]$ is obtained by replacing each sub-term of $M$ of the form $(\alpha\ P)$ by $(\alpha\ (P\ N))$. This substitution will be called a μ-substitution whereas the (usual) substitution $M[x := N]$ will be called a λ-substitution.

Remarks

— Note that we adopt here a more liberal syntax (also called de Groote's calculus [13]) than in the original calculus since we do not ask that a $\mu\alpha$ is immediately followed by a $(\beta\ M)$ (denoted $[\beta]M$ in Parigot's notation).

— We also have changed Parigot's typing notations. Instead of writing $M : (A_1^{x_1}, \dots, A_n^{x_n} \vdash B, C_1^{\alpha_1}, \dots, C_m^{\alpha_m})$ we have written $x_1 : A_1, \dots, x_n : A_n, \alpha_1 : \neg C_1, \dots, \alpha_m : \neg C_m \vdash M : B$ but, since the first introduction of the λμ-calculus, this is now quite common.

— Unlike for a λ-substitution where, in $M[x := N]$, the variable $x$ has disappeared it is important to note that, in a μ-substitution, the variable $\alpha$ has not disappeared. Moreover its type has changed. If the type of $N$ is $U$ and, in $M$, the type of $\alpha$ is $\neg(U \to V)$ it becomes $\neg V$ in $M[\alpha = N]$.

— The definition of good congruence is the same as before. As a consequence, we now have the following facts. If $U \approx \bot$, then $U = \bot$ and, if $\neg U \approx \neg V$, then $U \approx V$.

— We also extend all the notations given in section 2. Finally note that lemma 1 remains valid. Moreover, they are easily extended by lemma 10 below.

Lemma 10. 1. If $\Gamma \vdash \mu\alpha\, M : U$, then $\Gamma, \alpha : \neg V \vdash M : \bot$ for some $V$ such that $U \approx V$.

2. If $\Gamma, \alpha : \neg U \vdash (\alpha\ M) : T$, then $\Gamma, \alpha : \neg U \vdash M : U$ and $T = \bot$.

3. If $\Gamma, \alpha : \neg(U \to V) \vdash M : T$ and $\Gamma \vdash N : U$, then $\Gamma, \alpha : \neg V \vdash M[\alpha = N] : T$.

Theorem 2. If $\Gamma \vdash M : T$ and $M \triangleright^* M'$, then $\Gamma \vdash M' : T$.

Proof It is enough to show that, if $\Gamma \vdash (\mu\alpha\, M\ N) : T$, then $\Gamma \vdash \mu\alpha\, M[\alpha = N] : T$. Assume $\Gamma \vdash (\mu\alpha\, M\ N) : T$. By lemma 1, $\Gamma \vdash \mu\alpha\, M : U \to V$, $\Gamma \vdash N : U$ and $V \approx T$. Thus, $\Gamma, \alpha : \neg T' \vdash M : \bot$ and $T' \approx U \to V$. By lemma 1, we have $\Gamma, \alpha : \neg(U \to V) \vdash M : \bot$. Since $\Gamma \vdash N : U$ and $V \approx T$, $\Gamma, \alpha : \neg V \vdash M[\alpha = N] : \bot$. Then $\Gamma \vdash \mu\alpha\, M[\alpha = N] : V$ and $\Gamma \vdash \mu\alpha\, M[\alpha = N] : T$. □



4.1 Some useful lemmas on the un-typed calculus

Lemma 11. Let $M$ be a term and $\sigma = \sigma_1 \cup \sigma_2$ where $\sigma_1$ (resp. $\sigma_2$) is a λ (resp. μ) substitution. Assume $M[\sigma] \triangleright^* \mu\alpha\, M_1$ (resp. $\lambda y\, M_1$). Then

- either $M \triangleright^* \mu\alpha\, M_2$ (resp. $\lambda y\, M_2$) and $M_2[\sigma] \triangleright^* M_1$

- or $M \triangleright^* (x\ \vec{N})$ for some $x \in dom(\sigma_1)$ and $(\sigma(x)\ \vec{N}[\sigma]) \triangleright^* \mu\alpha\, M_1$ (resp. $\lambda y\, M_1$).

Proof A μ-substitution cannot create a $\lambda$ or a $\mu$ (see, for example, [11]) and thus, the proof is as in lemma 4. □

Lemma 12. Assume $M, P, \vec{Q} \in SN$ and $(M\ P\ \vec{Q}) \notin SN$. Then either ($M \triangleright^* \lambda x\, M_1$ and $(M_1[x := P]\ \vec{Q}) \notin SN$) or ($M \triangleright^* \mu\alpha\, M_1$ and $(\mu\alpha\, M_1[\alpha = P]\ \vec{Q}) \notin SN$).

Proof As in lemma 2. □

Lemma 13. Let $M$ be a term and $\sigma$ be a λ-substitution. Assume $M, \sigma \in SN$ and $M[\sigma] \notin SN$. Then $(\sigma(x)\ \vec{P}[\sigma]) \notin SN$ for some $(x\ \vec{P}) \preceq M$ such that $\vec{P}[\sigma] \in SN$.

Proof As in lemma 3. □

Definition 12. A μ-substitution $\sigma$ is said to be fair if, for each $\alpha \in dom(\sigma)$, $\alpha \notin Fv(\sigma)$ where $x \in Fv(\sigma)$ (resp. $\beta \in Fv(\sigma)$) means that $x \in Fv(N)$ (resp. $\beta \in Fv(N)$) for some $N \in Im(\sigma)$.

Lemma 14. Let $\sigma$ be a fair μ-substitution, $\alpha \in dom(\sigma)$ and $x \notin Fv(\sigma)$ (resp. $\beta \notin Fv(\sigma)$), then $M[\sigma][x := \sigma(\alpha)] = M[x := \sigma(\alpha)][\sigma]$ (resp. $M[\sigma][\beta = \sigma(\alpha)] = M[\beta = \sigma(\alpha)][\sigma]$).

Proof Immediate. □

Lemma 15. Let $M, N$ be terms and $\sigma$ be a fair μ-substitution. Assume $M[\sigma], N \in SN$ but $(M[\sigma]\ N) \notin SN$. Assume moreover that $M[\sigma] \triangleright^* \mu\alpha\, M_1$. Then, for some $(\alpha\ M_2) \preceq M$, we have $(M_2[\sigma']\ N) \notin SN$ and $M_2[\sigma'] \in SN$ where $\sigma' = [\sigma + \alpha = N]$.

Proof By lemma 11, we know that $M \triangleright^* \mu\alpha\, M'_1$ for some $M'_1$ such that $M'_1[\sigma] \triangleright^* M_1$. Let $M'$ be a sub-term of a reduct of $M$ such that $\langle \eta(M'[\sigma]), cxty(M') \rangle$ is minimum and $M'[\sigma'] \notin SN$. We show that $M' = (\alpha\ M_2)$ and has the desired properties. By minimality, $M'$ cannot be of the form $\lambda x\, P$, $\mu\beta\, P$ nor $(\beta\ P)$ for $\beta \neq \alpha$ or $\beta \notin dom(\sigma)$.

If $M' = (P_1\ P_2)$. By the minimality of $M'$, $P_1[\sigma'], P_2[\sigma'] \in SN$. Thus, by lemma 11 and 12, $P_1 \triangleright^* \lambda x\, Q$ (resp. $P_1 \triangleright^* \mu\beta\, Q$) such that $Q[\sigma'][x := P_2[\sigma']] = Q[x := P_2][\sigma'] \notin SN$ (resp. $Q[\sigma'][\beta = P_2[\sigma']] = Q[\beta = P_2][\sigma'] \notin SN$) and this contradicts the minimality of $M'$.

If $M' = (\beta\ P)$ for some $\beta \in dom(\sigma)$. Then $(P[\sigma']\ \sigma(\beta)) \notin SN$ and, by the minimality of $M'$, $P[\sigma'] \in SN$. Thus, by lemmas 11, 12 and 14, $P \triangleright^* \lambda x\, Q$ (resp. $P \triangleright^* \mu\gamma\, Q$) such that $Q[\sigma'][x := \sigma(\beta)] = Q[x := \sigma(\beta)][\sigma'] \notin SN$ (resp. $Q[\sigma'][\gamma = \sigma(\beta)] = Q[\gamma = \sigma(\beta)][\sigma'] \notin SN$) and this contradicts the minimality of $M'$.

Thus $M' = (\alpha\ M_2)$ and its minimality implies $M_2[\sigma'] \in SN$. □

4.2 Proof of the strong normalization 

We use the same notations as in section 3. 

Lemma 16. Let $\mathcal{Y} \subseteq \mathcal{X}$ be such that $H[\{X\}]$ holds for each $X \in \mathcal{Y}$. Then $H[\mathcal{T}(\mathcal{Y})]$ holds.

Proof Assume that $H[\{X\}]$ holds for each $X \in \mathcal{Y}$. The result is a special case of the following claim.

Claim: Let $M$ be a term, $U, V$ be types such that $U \in \mathcal{T}(\mathcal{Y})$ and $\sigma$ be a λ-substitution such that, for each $x$, $\sigma(x) = N_x[\tau_x]$ where $\tau_x$ is a fair μ-substitution such that $dom(\tau_x) \cap Fv(M[\sigma]) = \emptyset$. Assume $\Gamma \vdash M : V$ and for each $x \in dom(\sigma)$, $x : U \in \Gamma$. Assume finally that $M$ and the $N_x[\tau_x]$ are in $SN$. Then, $M[\sigma] \in SN$.

Proof. By induction on $(lg(U), \eta c(M), \eta c(\sigma))$ where $\eta(\sigma) = \sum \eta(N_x)$ and $cxty(\sigma) = \sum cxty(N_x)$ and, in the sums, each occurrence of a variable counts for one. For example, if there are two occurrences of $x_1$ and three occurrences of $x_2$, $cxty(\sigma) = 2\, cxty(N_1) + 3\, cxty(N_2)$. Note that we really mean $cxty(N_x)$ and not $cxty(N_x[\tau_x])$ and similarly for $\eta$.

The only non trivial case is when $M = (x\ Q\ \vec{O})$ for $x \in dom(\sigma)$. By the IH, $Q[\sigma], \vec{O}[\sigma] \in SN$. It is enough to show that $(N_x[\tau_x]\ Q[\sigma]) \in SN$ since $M[\sigma]$ can be written as $M'[\sigma']$ where $M' = (z\ \vec{O}[\sigma])$ and $\sigma'(z) = (N_x[\tau_x]\ Q[\sigma])$ and (since the size of the type of $z$ is less than the one of $U$) the IH gives the result. By lemma 12, we have two cases to consider.

— $N_x[\tau_x] \triangleright^* \lambda y\, N_1$. By lemma 11, $N_x \triangleright^* \lambda y\, N_2$ and the proof is exactly the same as in lemma 7.

— $N_x[\tau_x] \triangleright^* \mu\alpha\, N_1$. By lemma 15, let $(\alpha\ N_2) \preceq N_x$ be such that $N_2[\tau'] \in SN$ and $R = (N_2[\tau']\ Q[\sigma]) \notin SN$ where $\tau' = [\tau_x + \alpha = Q[\sigma]]$. But $R$ can be written as $(y\ Q)[\sigma']$ where $\sigma'$ is the same as $\sigma$ except that $\sigma'(y) = N_2[\tau']$. Note that $(y\ Q)$ is the same as (or less than) $M$ but one occurrence of $x$ has been replaced by the fresh variable $y$. The substitution $\tau'$ is fair and $dom(\tau') \cap Fv((y\ Q)) = \emptyset$. The IH gives a contradiction since $\eta c(\sigma') < \eta c(\sigma)$. Note that the type condition on $\sigma'$ is satisfied since $N_x$ has type $U$, thus $\alpha$ has type $\neg U$ and thus $N_2$ also has type $U$. □

From now on, we fix some $i$ and we assume $H[\{X_j\}]$ for each $j < i$. Thus, by lemma 16, we know that $H[\mathcal{T}'_i]$ holds. It remains to prove $H[\{X_i\}]$ i.e. proposition 2.

Definition 13. Let $M$ be a term, $\sigma = \sigma_1 \cup \sigma_2$ where $\sigma_1$ (resp. $\sigma_2$) is a λ (resp. μ) substitution, $\Gamma$ be a context and $U$ be a type. Say that $(\sigma, \Gamma, M, U)$ is adequate if the following holds:

- $\Gamma \vdash M[\sigma] : U$ and $M, \sigma \in SN$.

— For each $x \in dom(\sigma_1)$, $\Gamma \vdash \sigma(x) : V_x$ and $V_x \in \mathcal{T}_i^+$.

Note that nothing is asked on the types of the μ-variables.

Lemma 17. Let $n, m$ be integers, $\vec{S}$ be a sequence of terms and $(\delta, \Delta, P, B)$ be adequate. Assume that

1. $B \in \mathcal{T}_i^- - \mathcal{T}'_i$ and $\Delta \vdash (P[\delta]\ \vec{S}) : W$ for some $W$.

2. $\vec{S} \in SN$, $P \in SN$ and $\eta c(P) < (n, m)$.

3. $M[\sigma] \in SN$ for every adequate $(\sigma, \Gamma, M, U)$ such that $\eta c(M) < (n, m)$.

Then $(P[\delta]\ \vec{S}) \in SN$.

Proof By induction on the length of $\vec{S}$. The proof is as in lemma 8. The new case is $P[\delta] \triangleright^* \mu\alpha\, R$ (when $\vec{S} = S_1 \vec{S_2}$). By lemma 11, we have two cases to consider.

- $P \triangleright^* \mu\alpha\, R'$. We have to show that $Q = (\mu\alpha\, R'[\delta + \alpha = S_1]\ \vec{S_2}) \in SN$. By lemma 10, the properties of $\approx$ and since $B \in \mathcal{T}_i^-$, there are types $B_1, B_2$ such that $B \approx B_1 \to B_2$ and $\Delta \vdash \mu\alpha\, R'[\delta + \alpha = S_1] : B_2$ and $B_2 \in \mathcal{T}_i^-$. Since $\eta c(R') < (n, m)$ and $([\delta + \alpha = S_1], \Delta \cup \{\alpha : \neg B_2\}, \mu\alpha\, R', B_2)$ is adequate, it follows from (3) that $R'[\delta + \alpha = S_1] \in SN$.

  - Assume first $B_2 \in \mathcal{T}'_i$. Since $(z'\ \vec{S_2}) \in SN$ and $Q = (z'\ \vec{S_2})[z' := \mu\alpha\, R'[\delta + \alpha = S_1]]$, the result follows from $H[\mathcal{T}'_i]$.

  - Otherwise, the result follows from the IH since $([\delta + \alpha = S_1], \Delta \cup \{\alpha : \neg B_2\}, \mu\alpha\, R', B_2)$ is adequate and the length of $\vec{S_2}$ is less than the one of $\vec{S}$.

— $P \triangleright^* (y\ \vec{N})$ for some λ-variable $y \in dom(\delta)$. As in lemma 8. □

Lemma 18. Assume $(\sigma, \Gamma, M, A)$ is adequate. Then $M[\sigma] \in SN$.

Proof As in the proof of the lemma 16, we prove a more general result. Assume that, for each $x \in dom(\sigma_1)$, $\sigma_1(x) = N_x[\tau_x]$ where $\tau_x$ is a fair μ-substitution such that $dom(\tau_x) \cap Fv(M[\sigma]) = \emptyset$. We prove that $M[\sigma] \in SN$.

By induction on $\eta c(M)$ and, by secondary induction, on $\eta c(\sigma_1)$ where $\eta(\sigma_1)$ and $cxty(\sigma_1)$ are defined as in lemma 16. The proof is as in lemma 16. The interesting case is $M = (x\ Q\ \vec{O})$ for some $x \in dom(\sigma_1)$. The case when $N_x[\tau_x] \triangleright^* \lambda y\, N'$ is as in lemma 9. The new case is when $N_x[\tau_x] \triangleright^* \mu\alpha\, N'$. This is done as in lemma 16. Note that, for this point, the type was not used. □

Proposition 2. Assume $\Gamma, x : X_i \vdash M : U$ and $\Gamma \vdash N : X_i$ and $M, N \in SN$. Then $M[x := N] \in SN$.

Proof This follows from lemma 18 since $([x := N], \Gamma, M, U)$ is adequate. □

5 Some applications 

5.1 Representing more functions 

By using recursive types, some terms that cannot be typed in the simply typed A- 
calculus become typablc. For example, by using the equation X k [X T) ^ T, 
it is possible to type terms containing both {x y) and [y x) as sub-terms. Just take 
X : X and y : X — > T. By using the equation X T ^ X, it is possible to apply 
an unbounded number of arguments to a term. 

It is thus natural to try to extend Schwichtenberg's result and to determine the
class of functions that are represented in such systems and, in particular, to see
whether or not they allow more functions to be represented. Note that Doyen [15]
and Fortune et al. [16] have given extensions of Schwichtenberg's result.

Here is an example of a function that cannot be typed (of the good type) in the
simply typed λ-calculus.

Let $Nat = (X \to X) \to (X \to X)$ and $Bool = Y \to (Y \to Y)$ where $X, Y$ are
type variables. Let $\tilde{n} = \lambda f \lambda x\, (f\ (f \dots x) \dots)$ be the
Church numeral representing $n$ and $0 = \lambda x \lambda y\, y$,
$1 = \lambda x \lambda y\, x$ be the terms representing false and true. Note that
$\tilde{n}$ has type $Nat$ and $0, 1$ have type $Bool$.

The term $Inf = \lambda x \lambda y\, (x\ M\ \lambda z 1\ (y\ M\ \lambda z 0))$ where
$M = \lambda x \lambda y\, (y\ x)$ has been introduced by B. Maurey. It is easy to see
that, for every $n, m \in \mathbb{N}$, the term $(Inf\ \tilde{m}\ \tilde{n})$ reduces
to $1$ if $m < n$ and to $0$ otherwise. Krivine has shown in [24] that the type
$Nat \to Nat \to Bool$ cannot be given to $Inf$ in system F but, by adding the
equation $X \approx (X \to Bool) \to Bool$, it becomes typable. Our example uses the
same ideas.

Let $\approx$ be the congruence generated by $X \approx (X \to Bool) \to Bool$. For
each $n \in \mathbb{N}^*$, let
$Inf_n = \lambda x\, (x\ M\ \lambda y 1\ (M^{n-1}\ \lambda y 0))$ where
$(M^k\ P) = (M\ (M \dots (M\ P)))$.

Proposition 3. For each $n \in \mathbb{N}^*$ we have $\vdash Inf_n : Nat \to Bool$.

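Proof We have $x : X \to Bool, y : X \vdash (y\ x) : Bool$, then
$\vdash M : (X \to Bool) \to (X \to Bool)$, thus
$\vdash (\tilde{n}\ M) : (X \to Bool) \to (X \to Bool)$. But
$\vdash \lambda y 0 : X \to Bool$, therefore
$\vdash (\tilde{n}\ M\ \lambda y 0) : X \to Bool$.

We have $x : X, y : X \to Bool \vdash (y\ x) : Bool$, then $\vdash M : X \to X$, thus
$x : Nat \vdash (x\ M) : X \to X$. But $\vdash \lambda y 1 : (X \to Bool) \to Bool$,
therefore $x : Nat \vdash (x\ M\ \lambda y 1) : X$.

We deduce that $x : Nat \vdash ((\tilde{n}\ M\ \lambda y 0)\ (x\ M\ \lambda y 1)) : Bool$,
then $x : Nat \vdash (x\ M\ \lambda y 1\ (M^{n-1}\ \lambda y 0)) : Bool$ and thus
$\vdash Inf_n : Nat \to Bool$. □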

Proposition 4. For each $n \in \mathbb{N}^*$ and $m \in \mathbb{N}$,
$(Inf_n\ \tilde{m})$ reduces to $1$ if $m < n$ and to $0$ otherwise.

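Proof

$(Inf_n\ \tilde{m}) \triangleright^* (M^m\ \lambda y 1\ (M^{n-1}\ \lambda y 0)) \triangleright^* (M^{n-1}\ \lambda y 0\ (M^{m-1}\ \lambda y 1)) \triangleright^*$
$(M^{m-1}\ \lambda y 1\ (M^{n-2}\ \lambda y 0)) \triangleright^* (M^{n-2}\ \lambda y 0\ (M^{m-2}\ \lambda y 1)) \triangleright^* \dots$

$\triangleright^* 1$ if $m < n$ and $0$ otherwise. □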
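
The reduction of Proposition 4 can be replayed mechanically. The following Python sketch is an added illustration, not part of the paper: it encodes untyped λ-terms with de Bruijn indices, normalises $(Inf_n\ \tilde{m})$ by leftmost-outermost β-reduction and returns the normal form with the number of steps. The function names (step, normalize, church, inf) are choices of this example.

```python
from functools import reduce

# de Bruijn terms: an int is a variable, ('lam', body), ('app', fun, arg)
def shift(t, d, c=0):
    if isinstance(t, int):
        return t + d if t >= c else t
    if t[0] == 'lam':
        return ('lam', shift(t[1], d, c + 1))
    return ('app', shift(t[1], d, c), shift(t[2], d, c))

def subst(t, s, j=0):  # contract a redex: index j of body t becomes s, higher indices drop
    if isinstance(t, int):
        return shift(s, j) if t == j else (t - 1 if t > j else t)
    if t[0] == 'lam':
        return ('lam', subst(t[1], s, j + 1))
    return ('app', subst(t[1], s, j), subst(t[2], s, j))

def step(t):  # one leftmost-outermost beta step, or None when t is already normal
    if isinstance(t, int):
        return None
    if t[0] == 'lam':
        body = step(t[1])
        return None if body is None else ('lam', body)
    fun, arg = t[1], t[2]
    if not isinstance(fun, int) and fun[0] == 'lam':
        return subst(fun[1], arg)
    r = step(fun)
    if r is not None:
        return ('app', r, arg)
    r = step(arg)
    return None if r is None else ('app', fun, r)

def normalize(t):  # returns (normal form, number of beta steps taken)
    steps = 0
    while (r := step(t)) is not None:
        t, steps = r, steps + 1
    return t, steps

ONE, ZERO = ('lam', ('lam', 1)), ('lam', ('lam', 0))    # λxλy x and λxλy y
M = ('lam', ('lam', ('app', 0, 1)))                      # λxλy (y x)

def app(*ts):                                   # (t0 t1 ... tk), left-nested
    return reduce(lambda f, a: ('app', f, a), ts)

def church(m):                                  # λfλx (f (f ... x)), m occurrences of f
    return ('lam', ('lam', reduce(lambda b, _: ('app', 1, b), range(m), 0)))
def inf(n):                                     # Inf_n = λx (x M λy1 (M^{n-1} λy0))
    tail = reduce(lambda p, _: ('app', M, p), range(n - 1), ('lam', ZERO))
    return ('lam', app(0, M, ('lam', ONE), tail))
```

Calling normalize(app(inf(n), church(m))) yields ONE exactly when m < n; since terms are in de Bruijn form, comparing normal forms with == is comparison up to α-equivalence.
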
Remarks 

Note that for the (usual) simply typed λ-calculus we could have taken for X and
Y the same variable but, for propositions 3 and 4, we cannot assume that X = Y
because then the condition of positivity would not be satisfied. This example is thus
not completely satisfactory and it actually shows that the precise meaning of the
question "which functions can be represented in such systems" is not so clear.

5.2 A translation of the λμ-calculus into the λ-calculus

The strong normalization of a typed λμ-calculus can be deduced from the one of
the corresponding typed λ-calculus by using CPS translations. See, for example,
[14] for such a translation. There is another, somewhat simpler, way of doing such a
translation. Add, for each atomic type $X$, a constant $a_X$ of type
$\neg\neg X \to X$. Using these constants, it is not difficult to get, for each type
$T$, a λ-term $M_T$ (depending on $T$) such that $M_T$ has type $\neg\neg T \to T$.
This gives a translation of the λμ-calculus into the λ-calculus from which the strong
normalization of the λμ-calculus can be deduced from the one of the λ-calculus. This
translation, quite different from the CPS translations, has been used by Krivine [26]
to code the λμ-calculus with second order types in the λC-calculus.

With recursive equations, we do not have to add the constant $a_X$ since we can
use the equation $X \approx \neg\neg X$. We give here, without proof, the
translation. We denote by $S_\approx$ the simply typed λ-calculus where $\approx$ is
the congruence on $\mathcal{T}$ (where $\mathcal{A} = \{\bot\}$) generated by
$X \approx \neg\neg X$ for each $X$ and by $S_{\lambda\mu}$ the usual (i.e. without
recursive types) λμ-calculus.

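Definition 14. 1. We define, for each type $T$, a closed λ-term $M_T$ such that
$\vdash_\approx M_T : \neg\neg T \to T$ as follows. This is done by induction on $T$.

- $M_\bot = \lambda x\, (x\ I)$ where $I = \lambda x\, x$.

- If $X \in \mathcal{X}$, $M_X = I$.

- $M_{U \to V} = \lambda x \lambda y\, (M_V\ \lambda z (x\ \lambda t (z\ (t\ y))))$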

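2. We define a translation from $S_{\lambda\mu}$ to $S_\approx$ as follows.

- $x^* = x$.

- $(\lambda x M)^* = \lambda x M^*$.

- $(M\ N)^* = (M^*\ N^*)$.

- $(\mu\alpha M)^* = (M_U\ \lambda\alpha M^*)$ if $\alpha$ has the type $\neg U$.

- $(\alpha\ M)^* = (\alpha\ M^*)$.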

For a better understanding, in the translation of $\mu\alpha M$ and $(\alpha\ M)$, we
have kept the same name for the variable $\alpha$ but it should be clear that the
translated terms are λ-terms with only one kind of variables.
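
Item 1 of Definition 14 can be checked mechanically. The following Python sketch is an added illustration, not part of the paper: it builds $M_T$ by induction on $T$ and type-checks it against $\neg\neg T \to T$. It assumes binders annotated with their types and decides $\approx$ by rewriting $\neg\neg X$ to $X$ for each type variable $X$; both are choices of this example.

```python
BOT = 'bot'                                  # the atomic constant ⊥; other strings are type variables

def arrow(a, b): return ('->', a, b)
def neg(a): return arrow(a, BOT)             # ¬A = A → ⊥

def norm(t):
    # canonical form modulo X ≈ ¬¬X: rewrite ¬¬X to X for each type variable X
    if isinstance(t, str):
        return t
    a, b = norm(t[1]), norm(t[2])
    if b == BOT and isinstance(a, tuple) and a[2] == BOT and isinstance(a[1], str) and a[1] != BOT:
        return a[1]
    return arrow(a, b)

def typeof(t, env):
    # terms: ('var', x), ('lam', x, type_of_x, body), ('app', fun, arg); result is normalised
    if t[0] == 'var':
        return norm(env[t[1]])
    if t[0] == 'lam':
        return norm(arrow(t[2], typeof(t[3], {**env, t[1]: t[2]})))
    f, a = typeof(t[1], env), typeof(t[2], env)
    if isinstance(f, str) and f != BOT:
        f = neg(neg(f))                      # unfold X to ¬¬X so a term of type X can be applied
    if isinstance(f, str) or f[1] != a:
        raise TypeError('ill-typed application')
    return f[2]

def var(x): return ('var', x)
def lam(x, ty, body): return ('lam', x, ty, body)
def app(f, a): return ('app', f, a)

def M(T):
    # M_T of Definition 14, with each binder annotated by its type
    if T == BOT:
        return lam('x', neg(neg(BOT)), app(var('x'), lam('x', BOT, var('x'))))
    if isinstance(T, str):
        return lam('x', T, var('x'))         # I : X → X, which is ¬¬X → X modulo ≈
    U, V = T[1], T[2]
    inner = lam('t', T, app(var('z'), app(var('t'), var('y'))))
    return lam('x', neg(neg(T)), lam('y', U, app(M(V), lam('z', neg(V), app(var('x'), inner)))))

def check(T):
    # True when ⊢ M_T : ¬¬T → T holds modulo ≈
    return typeof(M(T), {}) == norm(arrow(neg(neg(T)), T))
```

The case $M_X = I$ is where the equation is needed: without the rewrite in norm, the type X → X of I differs syntactically from ¬¬X → X.
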

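Lemma 19. If $\Gamma \vdash_{\lambda\mu} M : U$ then $\Gamma \vdash_\approx M^* : U$.

Lemma 20. Let $M, N$ be typed λμ-terms. If $M \triangleright N$, then
$M^* \triangleright^+ N^*$.

Proof It is enough to check that
$(\mu\alpha M\ N)^* \triangleright^+ (\mu\alpha M[\alpha = N])^*$. □

Theorem 3. The strong normalization of $S_\approx$ implies the one of $S_{\lambda\mu}$.

Proof By lemmas 19 and 20. □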

Remark

Note that the previous translation cannot be used to show that the λμ-calculus
with recursive types is strongly normalizing since having two equations (for example
$X \approx \neg\neg X$ and $X \approx F$) is problematic.

6 Remarks and open questions 

1. The proof of the strong normalization of the system D of intersection types [6]
is exactly the same as the one for simple types. Is it possible to extend our proof
to such systems with equations? Note that the sort of constraints that must
be given on the equations is not so clear. For example, what does it mean to
be positive in $A \wedge B$? To be positive both in $A$ and $B$? In one of them? It
will be interesting to check precisely because, for example, it is known that the
system given by system D and the equations
$X \approx (Y \to X) \wedge (X \to X)$ and $Y \approx X \to Y$ is strongly normalizing
(but the proof again is not formalized in Peano arithmetic) though the positivity
condition is violated.

2. We could add other typing rules and constructors to ensure that, intuitively,
$X$ represents the least fixed point of the equation $X \approx F$. This kind of
thing is done, for example, in TTR. What can be said for such systems?

3. There are many translations from, for example, the λμ-calculus into the
λ-calculus that allow one to deduce the strong normalization of the former from the
one of the latter. These CPS transformations differ from the one given in section
5.2 by the fact that the translation of a term does not depend on its type. What
is the behavior of such translations with recursive equations?